A Review of the Best News of the Week on Identity Management & Web Fraud

Global Surveillance in the Wake of COVID-19 (Schneier on Security, Apr 24 2020)
“OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location…”

Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies (Krebs on Security, Apr 24 2020)
“Many of the same shadowy organizations …via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help combat the COVID-19 pandemic.”

Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks (Infosecurity Magazine, Apr 30 2020)
New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

WHO Confirms Email Credentials Leak (Dark Reading, Apr 24 2020)
Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused.

Which video call apps should you use if you care about privacy? (Help Net Security, Apr 28 2020)
To help individuals and organizations choose video call apps that suit their needs and their risk appetite, Mozilla has released a new “Privacy Not Included” report that focuses on video call apps.

Google, Apple tighten protections on contact tracing; Americans worry over privacy (SC Media, Apr 28 2020)
As the likes of Google and Apple bolster privacy in the race to come up with contact tracing apps to get a handle on the spread of COVID-19, Americans are placing a premium on safeguarding their data with only 27 percent in one study saying they would give permission to an app to track their location.

Assessing the risks of ACH payments (Help Net Security, Apr 29 2020)
Organizations today are tired of the inefficient processes, expensive fees and outdated methods involved in payment transfers. Modern business leaders want to move money in a more efficient, cost-effective way.

Would you trust Amazon Alexa more if given the option to adjust privacy settings? (Help Net Security, Apr 29 2020)
Giving users of smart assistants the option to adjust settings for privacy or content delivery, or both, doesn’t necessarily increase their trust in the platform, according to a team of Penn State researchers. In fact, for some users, it could have an unfavorable effect.

Twitter Moves to Ban 5G #COVID19 Conspiracy Theories (Infosecurity Magazine, Apr 24 2020)
Social network updates policy guidance to tackle fake news

Connecticut town drops drone program to combat COVID-19 spread over privacy concerns (SC Media, Apr 24 2020)
Drones chasing people around during a worldwide pandemic to determine if they’ve been infected with the coronavirus seemed too much like something out of a sci-fi movie, fraught with privacy and security concerns, for a Connecticut town that joined, then quickly ditched its plans to participate…

Privacy pros expecting an increase in privacy rights requests as a result of COVID-19 (Help Net Security, Apr 26 2020)
92% of companies are concerned about new consumer rights under the California Consumer Privacy Act (CCPA) with 51% believing this is the hardest part of CCPA compliance and 64% planning to spend more than $100K on compliance in 2020, according to Truyo. Despite changing IT priorities and tightening of spend due to COVID-19 measures, 56% of data privacy professionals are expecting there will be an increase in rights requests as a result of COVID-19.

How to formulate a suitable identity proofing strategy (Help Net Security, Apr 28 2020)
In this podcast, Matt Johnson, Product Marketing Manager at TransUnion, talks about identity proofing and navigating identity during changing economic dynamics. By the end of this session, you’ll have an understanding of how to formulate an appropriate identity proofing strategy to meet the needs of your customers and online channels.

Why people talk a good game about privacy, but fail to follow up in real life? (Help Net Security, Apr 28 2020)
While most people will say they are extremely concerned with their online privacy, previous experiments have shown that, in practice, users readily divulge privacy information online.

Would You Have Fallen for This Phone Scam? (Krebs on Security, Apr 28 2020)
“You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.”

The Rise of Deepfakes and What That Means for Identity Fraud (Dark Reading, Apr 30 2020)
Convincing deepfakes are a real concern, but there are ways of fighting back.

7 Fraud Predictions in the Wake of the Coronavirus (Dark Reading, Apr 29 2020)
It’s theme and variations in the fraud world, and fraudsters love — and thrive — during chaos and confusion

Suspicious business emails increase, imposters pretend to be executives (Help Net Security, Apr 30 2020)
U.S. small businesses report an increase in suspicious business emails over the past year, a cyber survey by HSB shows, and employees are taking the bait as they fall for phishing schemes and transfer tens of thousands of dollars in company funds into fraudulent accounts.

GCHQ Granted Access to NHS Data as Privacy Concerns Increase (Infosecurity Magazine, Apr 30 2020)
Matt Hancock permits GCHQ to access NHS network security data

Passwordless Authentication Provider ‘Secret Double Octopus’ Raises $15 Million (SecurityWeek, Apr 30 2020)
Tel Aviv, Israel-based Secret Double Octopus has raised $15 million in a Series B funding round from Sony Financial Ventures, KDDI, and Global Brain as well as prior investors.